added MD files

Author: KelvinTegelaar

Modules/CIPPCore/Public/Tests/EIDSCA/Identity/Invoke-CippTestEIDSCA_AF01.md

@@ -0,0 +1,13 @@
+# FIDO2 - State
+
+FIDO2 security keys should be enabled as an authentication method to provide users with the strongest, most phishing-resistant form of authentication available. FIDO2 security keys use public key cryptography and are resistant to phishing, man-in-the-middle attacks, and password database breaches.
+
+Enabling FIDO2 security keys is a critical step toward passwordless authentication and provides the highest level of security for protecting user accounts, particularly for administrators and high-value targets.
+
+**Remediation action**
+- [Enable passwordless security key sign-in](https://learn.microsoft.com/entra/identity/authentication/howto-authentication-passwordless-security-key)
+- [FIDO2 security key authentication method](https://learn.microsoft.com/entra/identity/authentication/concept-authentication-passwordless)
+- [Plan a passwordless authentication deployment](https://learn.microsoft.com/entra/identity/authentication/howto-authentication-passwordless-deployment)
+
+<!--- Results --->
+%TestResult%

Modules/CIPPCore/Public/Tests/EIDSCA/Identity/Invoke-CippTestEIDSCA_AF02.md

@@ -0,0 +1,13 @@
+# FIDO2 - Self-Service
+
+Self-service registration for FIDO2 security keys should be enabled to allow users to register their own security keys without requiring administrator intervention. This improves user experience and accelerates the adoption of passwordless authentication while maintaining security.
+
+Enabling self-service registration empowers users to take control of their authentication security and reduces the administrative burden of manually provisioning security keys for users.
+
+**Remediation action**
+- [Enable passwordless security key sign-in](https://learn.microsoft.com/entra/identity/authentication/howto-authentication-passwordless-security-key)
+- [FIDO2 security key authentication method](https://learn.microsoft.com/entra/identity/authentication/concept-authentication-passwordless)
+- [Manage authentication methods](https://learn.microsoft.com/entra/identity/authentication/concept-authentication-methods-manage)
+
+<!--- Results --->
+%TestResult%

Modules/CIPPCore/Public/Tests/EIDSCA/Identity/Invoke-CippTestEIDSCA_AF03.md

@@ -0,0 +1,13 @@
+# FIDO2 - Attestation
+
+FIDO2 attestation enforcement should be configured to ensure that only security keys from trusted manufacturers can be registered. Attestation allows Microsoft Entra ID to verify the authenticity and characteristics of FIDO2 security keys during registration, helping prevent the use of compromised or counterfeit devices.
+
+Enforcing attestation provides an additional layer of security by ensuring that only verified, legitimate FIDO2 security keys are used for authentication in your environment.
+
+**Remediation action**
+- [Enable passwordless security key sign-in](https://learn.microsoft.com/entra/identity/authentication/howto-authentication-passwordless-security-key)
+- [FIDO2 security key authentication method](https://learn.microsoft.com/entra/identity/authentication/concept-authentication-passwordless)
+- [Manage authentication methods](https://learn.microsoft.com/entra/identity/authentication/concept-authentication-methods-manage)
+
+<!--- Results --->
+%TestResult%

Modules/CIPPCore/Public/Tests/EIDSCA/Identity/Invoke-CippTestEIDSCA_AF04.md

@@ -0,0 +1,13 @@
+# FIDO2 - Key Restrictions
+
+FIDO2 key restrictions should be configured to control which security key models and manufacturers are allowed in your environment. Key restrictions help ensure that only approved, tested security keys that meet your organization's security requirements can be used for authentication.
+
+Organizations can use key restrictions to enforce specific security requirements such as requiring keys with certain certification levels or from approved vendors.
+
+**Remediation action**
+- [Enable passwordless security key sign-in](https://learn.microsoft.com/entra/identity/authentication/howto-authentication-passwordless-security-key)
+- [FIDO2 security key authentication method](https://learn.microsoft.com/entra/identity/authentication/concept-authentication-passwordless)
+- [Manage FIDO2 security key restrictions](https://learn.microsoft.com/entra/identity/authentication/howto-authentication-passwordless-security-key#key-restrictions)
+
+<!--- Results --->
+%TestResult%

Modules/CIPPCore/Public/Tests/EIDSCA/Identity/Invoke-CippTestEIDSCA_AF05.md

@@ -0,0 +1,13 @@
+# FIDO2 - Restricted Keys
+
+FIDO2 security key restrictions should be properly configured to define which specific keys are allowed or restricted in your environment. Organizations may choose to enforce key restrictions to ensure standardization, maintain approved vendor lists, or block specific key models that don't meet security requirements.
+
+Properly configured key restrictions help maintain consistent security standards across your FIDO2 security key deployment.
+
+**Remediation action**
+- [Enable passwordless security key sign-in](https://learn.microsoft.com/entra/identity/authentication/howto-authentication-passwordless-security-key)
+- [FIDO2 security key authentication method](https://learn.microsoft.com/entra/identity/authentication/concept-authentication-passwordless)
+- [Manage FIDO2 security key restrictions](https://learn.microsoft.com/entra/identity/authentication/howto-authentication-passwordless-security-key#key-restrictions)
+
+<!--- Results --->
+%TestResult%

Modules/CIPPCore/Public/Tests/EIDSCA/Identity/Invoke-CippTestEIDSCA_AF06.md

@@ -0,0 +1,13 @@
+# FIDO2 - Specific Keys
+
+FIDO2 specific key configurations should be reviewed to ensure that key restrictions align with your organization's security policies. Organizations may choose to allow all FIDO2-certified keys or restrict to specific models based on security requirements, user population, or procurement standards.
+
+The configuration of specific key allowances or restrictions should be based on a thorough assessment of your organization's security needs and risk tolerance.
+
+**Remediation action**
+- [Enable passwordless security key sign-in](https://learn.microsoft.com/entra/identity/authentication/howto-authentication-passwordless-security-key)
+- [FIDO2 security key authentication method](https://learn.microsoft.com/entra/identity/authentication/concept-authentication-passwordless)
+- [Manage FIDO2 security key restrictions](https://learn.microsoft.com/entra/identity/authentication/howto-authentication-passwordless-security-key#key-restrictions)
+
+<!--- Results --->
+%TestResult%

Modules/CIPPCore/Public/Tests/EIDSCA/Identity/Invoke-CippTestEIDSCA_AG01.md

@@ -0,0 +1,13 @@
+# Authentication Methods - Policy Migration
+
+The authentication methods policy migration should be completed to use the modern authentication methods framework in Microsoft Entra ID. The modern policy provides enhanced features, better security controls, and improved management capabilities compared to legacy multi-factor authentication settings.
+
+Completing the migration ensures you can take advantage of new authentication features such as FIDO2 security keys, certificate-based authentication, and other modern authentication methods that are only available in the new policy framework.
+
+**Remediation action**
+- [Migrate to the authentication methods policy for Microsoft Entra multifactor authentication and SSPR](https://learn.microsoft.com/entra/identity/authentication/how-to-authentication-methods-manage)
+- [Authentication methods in Microsoft Entra ID](https://learn.microsoft.com/entra/identity/authentication/concept-authentication-methods)
+- [Manage authentication methods](https://learn.microsoft.com/entra/identity/authentication/concept-authentication-methods-manage)
+
+<!--- Results --->
+%TestResult%

Modules/CIPPCore/Public/Tests/EIDSCA/Identity/Invoke-CippTestEIDSCA_AG02.md

@@ -0,0 +1,13 @@
+# Authentication Methods - Report Suspicious Activity
+
+Users should be enabled to report suspicious multifactor authentication prompts they did not initiate. This feature allows users to report fraudulent MFA attempts directly from the Microsoft Authenticator app or via phone call, which helps detect and prevent unauthorized access attempts and credential compromise.
+
+When users report suspicious activity, Microsoft Entra ID can take automated actions such as blocking the user's account, requiring a password reset, or triggering security alerts for administrators to investigate potential compromises.
+
+**Remediation action**
+- [Enable fraud alerts for Microsoft Entra multifactor authentication](https://learn.microsoft.com/entra/identity/authentication/howto-mfa-mfasettings#fraud-alert)
+- [Security defaults in Microsoft Entra ID](https://learn.microsoft.com/entra/fundamentals/security-defaults)
+- [What is Identity Protection in Microsoft Entra ID?](https://learn.microsoft.com/entra/id-protection/overview-identity-protection)
+
+<!--- Results --->
+%TestResult%

Modules/CIPPCore/Public/Tests/EIDSCA/Identity/Invoke-CippTestEIDSCA_AG03.md

@@ -0,0 +1,13 @@
+# Authentication Methods - Suspicious Activity Target
+
+The report suspicious activity feature should target all users or specific groups to ensure comprehensive protection against unauthorized MFA attempts. Properly configuring which users can report suspicious activity ensures that security protections are applied consistently across your organization.
+
+Organizations should enable this feature for all users who use Microsoft Entra multifactor authentication to maximize the effectiveness of threat detection and response capabilities.
+
+**Remediation action**
+- [Enable fraud alerts for Microsoft Entra multifactor authentication](https://learn.microsoft.com/entra/identity/authentication/howto-mfa-mfasettings#fraud-alert)
+- [Authentication methods in Microsoft Entra ID](https://learn.microsoft.com/entra/identity/authentication/concept-authentication-methods)
+- [Manage authentication methods](https://learn.microsoft.com/entra/identity/authentication/concept-authentication-methods-manage)
+
+<!--- Results --->
+%TestResult%

Modules/CIPPCore/Public/Tests/EIDSCA/Identity/Invoke-CippTestEIDSCA_AM01.md

@@ -0,0 +1,13 @@
+# MS Authenticator - State
+
+Microsoft Authenticator should be enabled as an authentication method to provide users with a secure, phishing-resistant way to verify their identity. The Microsoft Authenticator app supports passwordless phone sign-in, push notifications for MFA, and time-based one-time passwords (TOTP).
+
+Enabling Microsoft Authenticator is a fundamental component of a strong authentication strategy and supports your organization's journey toward passwordless authentication.
+
+**Remediation action**
+- [Enable passwordless security key sign-in](https://learn.microsoft.com/entra/identity/authentication/howto-authentication-passwordless-security-key)
+- [Microsoft Authenticator authentication method](https://learn.microsoft.com/entra/identity/authentication/concept-authentication-authenticator-app)
+- [Plan a passwordless authentication deployment](https://learn.microsoft.com/entra/identity/authentication/howto-authentication-passwordless-deployment)
+
+<!--- Results --->
+%TestResult%